To be honest, this is quite tricky.. I just cant manage to find the problem..
This is the traffic - i see outgoing but nothing blocks on the firewall, there is nothing on implicit deny
Yes its the entire output.
I've found the problem yesterday in an evening troubleshooting session.
You see, we have two uplinks from our network. The backup uplink is not configured right and if packets arrive from that endpoint, then they are not properly routed.
The HTTP challange is initiated over our primary uplink so until we fix our uplinks there is nothing i can do about the renewal of the certificate.
But many thanks for the help and the quick answers!
Cheers!